OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/browser/verified_contents.h" | 5 #include "extensions/browser/verified_contents.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include "base/base64url.h" | 9 #include "base/base64url.h" |
10 #include "base/files/file_util.h" | 10 #include "base/files/file_util.h" |
36 const char kRootHashKey[] = "root_hash"; | 36 const char kRootHashKey[] = "root_hash"; |
37 const char kSignatureKey[] = "signature"; | 37 const char kSignatureKey[] = "signature"; |
38 const char kSignaturesKey[] = "signatures"; | 38 const char kSignaturesKey[] = "signatures"; |
39 const char kSignedContentKey[] = "signed_content"; | 39 const char kSignedContentKey[] = "signed_content"; |
40 const char kTreeHashPerFile[] = "treehash per file"; | 40 const char kTreeHashPerFile[] = "treehash per file"; |
41 const char kTreeHash[] = "treehash"; | 41 const char kTreeHash[] = "treehash"; |
42 const char kWebstoreKId[] = "webstore"; | 42 const char kWebstoreKId[] = "webstore"; |
43 | 43 |
44 // Helper function to iterate over a list of dictionaries, returning the | 44 // Helper function to iterate over a list of dictionaries, returning the |
45 // dictionary that has |key| -> |value| in it, if any, or NULL. | 45 // dictionary that has |key| -> |value| in it, if any, or NULL. |
46 DictionaryValue* FindDictionaryWithValue(const ListValue* list, | 46 const DictionaryValue* FindDictionaryWithValue(const ListValue* list, |
47 const std::string& key, | 47 const std::string& key, |
48 const std::string& value) { | 48 const std::string& value) { |
49 for (const auto& i : *list) { | 49 for (const auto& i : *list) { |
50 DictionaryValue* dictionary; | 50 const DictionaryValue* dictionary; |
51 if (!i->GetAsDictionary(&dictionary)) | 51 if (!i.GetAsDictionary(&dictionary)) |
52 continue; | 52 continue; |
53 std::string found_value; | 53 std::string found_value; |
54 if (dictionary->GetString(key, &found_value) && found_value == value) | 54 if (dictionary->GetString(key, &found_value) && found_value == value) |
55 return dictionary; | 55 return dictionary; |
56 } | 56 } |
57 return NULL; | 57 return NULL; |
58 } | 58 } |
59 | 59 |
60 } // namespace | 60 } // namespace |
61 | 61 |
243 // Find the "treehash per file" signed content, e.g. | 243 // Find the "treehash per file" signed content, e.g. |
244 // [ | 244 // [ |
245 // { | 245 // { |
246 // "description": "treehash per file", | 246 // "description": "treehash per file", |
247 // "signed_content": { | 247 // "signed_content": { |
248 // "signatures": [ ... ], | 248 // "signatures": [ ... ], |
249 // "payload": "..." | 249 // "payload": "..." |
250 // } | 250 // } |
251 // } | 251 // } |
252 // ] | 252 // ] |
253 DictionaryValue* dictionary = | 253 const DictionaryValue* dictionary = |
254 FindDictionaryWithValue(top_list, kDescriptionKey, kTreeHashPerFile); | 254 FindDictionaryWithValue(top_list, kDescriptionKey, kTreeHashPerFile); |
255 DictionaryValue* signed_content = NULL; | 255 const DictionaryValue* signed_content = NULL; |
256 if (!dictionary || | 256 if (!dictionary || |
257 !dictionary->GetDictionaryWithoutPathExpansion(kSignedContentKey, | 257 !dictionary->GetDictionaryWithoutPathExpansion(kSignedContentKey, |
258 &signed_content)) { | 258 &signed_content)) { |
259 return false; | 259 return false; |
260 } | 260 } |
261 | 261 |
262 ListValue* signatures = NULL; | 262 const ListValue* signatures = NULL; |
263 if (!signed_content->GetList(kSignaturesKey, &signatures)) | 263 if (!signed_content->GetList(kSignaturesKey, &signatures)) |
264 return false; | 264 return false; |
265 | 265 |
266 DictionaryValue* signature_dict = | 266 const DictionaryValue* signature_dict = |
267 FindDictionaryWithValue(signatures, kHeaderKidKey, kWebstoreKId); | 267 FindDictionaryWithValue(signatures, kHeaderKidKey, kWebstoreKId); |
268 if (!signature_dict) | 268 if (!signature_dict) |
269 return false; | 269 return false; |
270 | 270 |
271 std::string protected_value; | 271 std::string protected_value; |
272 std::string encoded_signature; | 272 std::string encoded_signature; |
273 std::string decoded_signature; | 273 std::string decoded_signature; |
274 if (!signature_dict->GetString(kProtectedKey, &protected_value) || | 274 if (!signature_dict->GetString(kProtectedKey, &protected_value) || |
275 !signature_dict->GetString(kSignatureKey, &encoded_signature) || | 275 !signature_dict->GetString(kSignatureKey, &encoded_signature) || |
276 !base::Base64UrlDecode(encoded_signature, | 276 !base::Base64UrlDecode(encoded_signature, |
319 reinterpret_cast<const uint8_t*>(payload.data()), payload.size()); | 319 reinterpret_cast<const uint8_t*>(payload.data()), payload.size()); |
320 | 320 |
321 if (!signature_verifier.VerifyFinal()) { | 321 if (!signature_verifier.VerifyFinal()) { |
322 VLOG(1) << "Could not verify signature - VerifyFinal failure"; | 322 VLOG(1) << "Could not verify signature - VerifyFinal failure"; |
323 return false; | 323 return false; |
324 } | 324 } |
325 return true; | 325 return true; |
326 } | 326 } |
327 | 327 |
328 } // namespace extensions | 328 } // namespace extensions |
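Review bot: The pointer declarations this change rewrites are still inconsistent in style: new line 50 declares `const DictionaryValue* dictionary;` with no initializer, while new lines 255 and 262 keep `NULL`. The uninitialized pointer is never read today because the failure path does `continue`, but since these lines are being touched anyway, `const DictionaryValue* dictionary = nullptr;` (and `nullptr` at 255 and 262) would make them uniform and not depend on GetAsDictionary always writing its out-parameter. Separately, FindDictionaryWithValue returns the first dictionary that matches, so any later entry in the signatures list with the same kid is never examined. As this file parses data before its signature is verified, the helper's comment could say so, e.g. `// Returns the first match; later entries with the same |key| -> |value| are ignored.` The function covering new lines 243-326 begins outside the visible lines.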